controlplane.yaml

apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  name: istiocontrolplane
  namespace: {{ .Release.Namespace }}
spec:
  profile: {{ .Values.profile }}
  hub: {{ .Values.hub }}
  tag: {{ .Values.tag }}

  components:
    {{- if .Values.openshift }}
    cni:
      enabled: true
      namespace: kube-system
    {{- end  }}
    ingressGateways:
      - name: istio-ingressgateway
        namespace: {{ .Release.Namespace }}
        enabled: true
        label:
          {{- toYaml .Values.ingressGateway.labels | default (dict) | nindent 10 }}
        k8s:
          service:
            type: {{ .Values.ingressGateway.type }}
            ports:
              {{- range $k, $v := .Values.ingressGateway.ports }}
              {{- /* Input validation */}}
              {{- if not $v.name }}
                {{- fail "missing field 'name' in ports object" }}
              {{- else if not $v.port }}
                {{- fail "missing field 'port' in ports object" }}
              {{- else if eq $.Values.ingressGateway.type "NodePort" }}
                {{- if not $v.nodePort }}
                  {{- fail "'nodePort' must be defined when type is NodePort" }}
                {{- else if or (lt (int $v.nodePort) 30000) (gt (int $v.nodePort) 32767) }}
                  {{- fail "nodePort value outside of acceptable range (30000-32767)" }}
                {{- end }}
              {{- end }}
              {{- /* Actual port object rendering */}}
              -
                {{- range $pk, $pv := $v }}
                {{ $pk }}: {{ $pv }}
                {{- end }}
              {{- end }}
          hpaSpec:
            minReplicas: {{ .Values.ingressGateway.minReplicas }}
            maxReplicas: {{ .Values.ingressGateway.maxReplicas }}
            metrics:
              - type: Resource
                resource:
                  name: cpu
                  targetAverageUtilization: 60
            scaleTargetRef:
              apiVersion: apps/v1
              kind: Deployment
              name: istio-ingressgateway
          strategy:
            rollingUpdate:
              maxSurge: 100%
              maxUnavailable: 25%
          serviceAnnotations:
            {{- .Values.ingressGateway.serviceAnnotations | default (dict) | toYaml | nindent 12 }}
          podAnnotations:
            {{- .Values.ingressGateway.podAnnotations | default (dict) | toYaml | nindent 12 }}
          nodeSelector:
            {{- .Values.ingressGateway.nodeSelector | default (dict) | toYaml | nindent 12 }}
          tolerations:
            {{- .Values.ingressGateway.tolerations | default (list) | toYaml | nindent 12 }}
      {{- range $i := .Values.extraIngressGateways }}
      - name: {{ $i.name }}
        enabled: true
        label:
          {{- $i.labels | default (dict) | toYaml | nindent 10 }}
        k8s:
          service:
            type: {{ $i.type }}
            ports:
              {{- range $k, $v := $i.ports }}
              {{- /* Input validation */}}
              {{- if not $v.name }}
                {{- fail "missing field 'name' in ports object" }}
              {{- else if not $v.port }}
                {{- fail "missing field 'port' in ports object" }}
              {{- else if eq $i.type "NodePort" }}
                {{- if not $v.nodePort }}
                  {{- fail "'nodePort' must be defined when type is NodePort" }}
                {{- else if or (lt (int $v.nodePort) 30000) (gt (int $v.nodePort) 32767) }}
                  {{- fail "nodePort value outside of acceptable range (30000-32767)" }}
                {{- end }}
              {{- end }}
              {{- /* Actual port object rendering */}}
              -
                {{- range $pk, $pv := $v }}
                {{ $pk }}: {{ $pv }}
                {{- end }}
              {{- end }}
          hpaSpec:
            minReplicas: {{ $i.k8s.hpaSpec.minReplicas }}
            maxReplicas: {{ $i.k8s.hpaSpec.maxReplicas }}
            metrics:
              - type: Resource
                resource:
                  name: cpu
                  targetAverageUtilization: 60
            scaleTargetRef:
              apiVersion: apps/v1
              kind: Deployment
              name: {{ $i.name }}
          strategy:
            rollingUpdate:
              maxSurge: 100%
              maxUnavailable: 25%
          serviceAnnotations:
            {{- .k8s.serviceAnnotations | default (dict) | toYaml | nindent 12 }}
          podAnnotations:
            {{- .k8s.podAnnotations | default (dict) | toYaml | nindent 12 }}
          nodeSelector:
            {{- .k8s.nodeSelector | default (dict) | toYaml | nindent 12 }}
          tolerations:
            {{- .k8s.tolerations | default (list) | toYaml | nindent 12 }}
  {{- end }}

  addonComponents:
    kiali:
      enabled: {{ .Values.kiali.enabled }}
    tracing:
      enabled: {{ .Values.tracing.enabled }}

  meshConfig:
    accessLogFile: /dev/stdout

  values:
    {{- if .Values.openshift }}
    cni:
      repair:
        enabled: false
      image: {{ .Values.cni.image.name }}
      hub: {{ .Values.cni.image.hub }}
      tag: {{ .Values.cni.image.tag }}
      cniBinDir: /var/lib/cni/bin
      cniConfDir: /etc/cni/multus/net.d
      chained: false
      cniConfFileName: "istio-cni.conf"
      excludeNamespaces:
       - istio-system
       - kube-system
      logLevel: info
    {{- end }}
    global:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- if .Values.proxy }}
      {{- if .Values.proxy.image }}
      proxy:
        image: {{ .Values.proxy.image }}
      proxy_init:
        image: {{ .Values.proxy.image }}
      {{- end }}
      {{- end }}
    # https://istio.io/v1.5/docs/reference/config/installation-options/#kiali-options
    kiali:
      image: {{ .Values.kiali.image.name }}
      hub: {{ .Values.kiali.image.hub }}
      tag: {{ .Values.kiali.image.tag }}
      {{- if .Values.monitoring.enabled }}
      prometheusAddr: http://monitoring-monitoring-kube-prometheus.monitoring.svc:9090
      {{- end }}
      dashboard:
        jaegerURL: "https://{{ tpl (index .Values.istio.jaeger.hosts 0) .}}"
        grafanaInClusterURL: http://monitoring-monitoring-grafana.monitoring.svc
        auth:
          strategy: {{ .Values.kiali.dashboard.auth.strategy }}

    sidecarInjectorWebhook:
      rewriteAppHTTPProbe: true
      {{- if .Values.openshift }}
      injectedAnnotations:
        k8s.v1.cni.cncf.io/networks: istio-cni
      {{- end }}

      neverInjectSelector:
        - matchExpressions:
            - key: app.kubernetes.io/component
              operator: In
              values: [fluentd-configcheck]

    tracing:
      jaeger:
        image: {{ .Values.tracing.image.name }}
        hub: {{ .Values.tracing.image.hub }}
        tag: {{ .Values.tracing.image.tag}}